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DETAILED ACTION 



This first non-final action is in response to the original filing of 04/14/2004. Claims 1-19 
are pending and have been considered as follows. 

Specification 

1 . The disclosure is objected to because of the following informalities: 

- Page 3 paragraph 0010 of the specification recites several references, which appear to be 
relevant analogous prior art. It is noted that the applicant is required to submit a copy of 
each of these references and include a submission of their notation in an Information 
Disclosure Sheet (IDS) in order for the examiner to consider them. 

- Page 23 paragraph 0076 lines 2-5 recite several acronyms (i.e. "CD-ROM"; "RAM"; 
"PROM"; "EPROM"; "FLASH-EPROM"; etc). It is recommended by the examiner to 
include their full expressions (i.e. "Random Access Memory (RAM)") for the purposes of 
clarity and posterity. It is noted that any additional acronyms throughout the 
specification should be corrected in the same manner. 

- Page 23 paragraph 0076 lines 2, 3, & 5 recite, "any other optical medium" and "a carrier 
wave as described hereinafter" and "any other medium from which a computer can read." 
The portion which recites "a carrier wave as described hereinafter" is considered non- 
statutory subject matter and renders any claims which comprise a computer readable 
storage medium as falling under 35 U.S.C. 101. Therefore, the examiner recommends 
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the omission of this particular portion. The other two portions which recite, "any other 
optical medium" and "any other medium from which a computer can read," are only 
unclear and may be construed as including non-statutory subject matter in light of the, "a 
carrier wave as described hereinafter," recitation. It is recommended by the examiner to 
make further clarification to clearly distinguish that the media cannot be a transmission 
medium. 

Appropriate correction is required. 

Claim Objections 

2. Claims 17-19 are objected to because of the following informalities: 

- Claims 17-19 line 1 recite the term "for" which should be omitted since the term renders 
limitations after non-limiting. That is, "an apparatus for" some purpose may very be any 
purpose, where as "an apparatus preventing an attack" or "a computer-readable medium 
carrying one or more sequences of instructions preventing an attack" provides a clear 
scope of the limitations of the invention. 
Appropriate correction is required. 
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Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

4. Claims 1, 5, & 16 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

5. The term "selectively" in claim 1 is a relative term which renders the claim indefinite. 
The term " selectively" is not defined by the claim, the specification does not provide a standard 
for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably 
apprised of the scope of the invention. The examiner recommends the omission of the term 
"selectively." 

6. The term "approximately" in claim 1 is a relative term which renders the claim indefinite. 
The term " approximately" is not defined by the claim, the specification does not provide a 
standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be 
reasonably apprised of the scope of the invention. The examiner recommends the omission of 
the term "approximately." 

7. Claim 16 recites the limitation "the computer-implemented steps" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. The examiner recommends the 
omission of the term "the." 
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Claim Rejections - 35 USC § 101 

8. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. Claim 19 recites "a computer-readable medium" which is 
considered as non-statutory subject matter in light of the applicant's specification which recites 
"a carrier wave as described hereinafter" in accordance with 35 U.S.C. 101. 

Claim Rejections -35 use §102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

10. Claims 1 & 17-19 are rejected under 35 U.S.C. 102(e) as being anticipated by Schuba et 
aL (US-6944663-B2). 

Claim 1: 

Schuba et al. disclose a method of preventing an attack on a network comprising, 

- "receiving a request to access a resource from a user" (i.e. "the system receives a request 
for service from a client 106 (step 202)") [column 3 lines 52-53]; 
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- "wherein the request includes an accumulated work value" (i.e. "the system generates a 
random number, y, and a transaction identifier, id.sub.l (step 204). The system also 
selects a value for the parameter, n, which specifies the amount of computational work 
involved in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 53- 
58]; 

"determining whether the accumulated work value exceeds a required work threshold 
value" (i.e. "If id.sub.l =id.sub.2 at step 218, the system computes h(x) (step 220). Next, 
the system compares y and h(x) (step 222). If y=h(x), the client successfully solved the 
client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 35-39]; 

- "if not, selectively requiring the user to perform a quantity of work as a condition for 
accessing the resource" (i.e. "FIG. 2 is a flow chart illustrating the process of using a 
client puzzle in accordance with an embodiment of the present invention") [column 3 
lines 50-52]; 

- "providing the user with access to the resource" (i.e. "Next, the system compares y and 
h(x) (step 222). If y=h(x), the client successflilly solved the client puzzle, and the system 
performs the requested service for the client (step 224)") [column 4 lines 36-39]; 

- "determining an amount of accumulated work output value to provide to the user based 
on a volume of data communicated between the resource and the user" (i.e. "the system 
generates a random number, y, and a transaction identifier, id.sub.l (step 204). The 
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system also selects a value for the parameter^ n, which specifies the amount of 
computational work involved in computing the preimage x, such that h(x)=y (step 206)") 
[column 3 lines 53-58]; 

- "providing the accumulated work output value to the user" (i.e. "The system also selects 
a value for the parameter, n, which specifies the amount of computational work involved 
in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 55-58]. 

Claim 17: 

Schuba et al. disclose an apparatus for preventing an attack on a network comprising, 

- "means for performing any of the functions recited in any of the steps of Claims 1, 2, 3, 
4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, or 16" (i.e. "a computer system based on a 
microprocessor, a mainframe computer, a digital signal processor, a portable computing 
device, a personal organizer, a device controller, and a computational engine within an 
appliance") [column 3 lines 35-38]. 

Claim 18: 

Schuba et al. disclose an apparatus for preventing an attack on a network comprising, 

- "a processor" (i.e. "a computer system based on a microprocessor, a mainframe 
computer, a digital signal processor, a portable computing device, a personal organizer, a 
device controller, and a computational engine within an appliance") [column 3 lines 35- 
38]; 

- Vone or more stored sequences of instructions that are accessible to the processor and 
which, when executed by the processor, cause the processor to carry out the steps of any 
of Claims 1,2,3.,4,5,6,7,8,9, 10,11, 12, 13, 14, 15,or 16" (i.e. "The data structures and 
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code described in this detailed description are typically stored on a computer readable 
storage medium, which may be any device or medium that can store code and/or data for 
use by a computer system. This includes, but is not limited to, magnetic and optical 
storage devices such as disk drives, magnetic tape, CDs (compact discs) and DVDs 
(digital versatile discs or digital video discs)") [column 3 lines 10-12]. 
Claim 19: 

Schuba et al. disclose a computer-readable medium carrying one or more sequences of 

instructions for preventing an attack on a network comprising, 

- "wherein execution of the one or more sequences of instructions by one or more 

processors causes the one or more processors to perform the steps of any of Claims 1, 2, 
3, 4, 5, 6, 7, 8, 9, 10, 1 1, 12, 13, 14, 15, or 16" (i.e. "The data structures and code 
described in this detailed description are typically stored on a computer readable storage 
medium, which may be any device or medium that can store code and/or data for use by a 
computer system. This includes, but is not limited to, magnetic and optical storage 
devices such as disk drives, magnetic tape, CDs (compact discs) and DVDs (digital 
versatile discs or digital video discs)") [column 3 lines 10-12]. 
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Claim Rejections - 35 USC §103 

1 1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

12. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schuba et al. (US- 
6944663-B2). 

Claim 2: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
further comprising, 

. - "determining whether a mathematical relationship of the current user identity value and 
the prior user identity value indicates that the user has possession of a resource secret" 
(i.e. "If id.sub.l =id.sub.2 at step 218, the system computes h(x) (step 220). Next, the 
system compares y and h(x) (step 222). If y=h(x), the client successfully solved the client 
puzzle, and the system performs the requested service for the client (step 224)") [column 
4 lines 35-39]. 

but they do not explicitly disclose, 

- "wherein the request includes a prior user identity value and a current user identity value" 
however, they do disclose, 

- "For example, if the parameters associated with the client (id.sub.l, n, y) are stored in a 
database that is indexed by id.sub.l, a subsequent lookup using id.sub.2 will return 
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(id.sub.l, n, y) only if id.sub.l =id.sub.2. Alternatively, if the lookup is based on client 
identifiers, an explicit comparison of id.sub.l and id,sub.2 needs to be performed" 
[column 4 lines 29-34]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the request includes a prior user identity value and a 
current user identity value," in the invention as disclosed by Schuba et al. since it would be 
expected that a client/user may attempt to connect more than just once and accommodations need 
to be made to handle the scenarios where the client is legitimate and non-legitimate as is 
suggested by Schuba et al . 

13. Claims 3-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Schuba et al. 
(US-6944663-B2) in view of Juels et al. (US-7197639-B1). 
Claim 3: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
further comprising, 

- "wherein H(i+l,x) is computed by the user as a hash chain from a non-shared user secret 
(x)" (i.e. "Next, the system stores (id.sub.l, n, y) at server 102 (step 208) and sends 
(id.sub.l, n, y) to client 106 (step 210). The system then allows client 106 to compute the 
preimage x, such that h(x)=y (step 212). In one embodiment of the present invention, h is 
a hash function, such as SHAl or MD5, so that computing the preimage x given y 
requires significantly more time than computing the hash function h(x) given x") [column 
3 lines 59-64]; 
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- "wherein H(n,x)= h(H(n-l,x)" (i.e. "If id.sub.l =id,sub.2 at step 218, the system 
computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If y=h(x), the 
client successfully solved the client puzzle, and the system performs the requested service 
for the client (step 224)") [column 4 lines 35-39]; 

- "wherein n > 0 and H(0,x) = x" (i.e. "The parameter n is used to adjust the amount of 
work required to compute the preimage x. For example, the parameter n can be used as a 
parameter to the hash function h, which indicates both the size of the hash value 
generated by the hash function h, as well as the number of bits of x that are used in 
computing h(x)") [column 4 lines 3-8]; 

- "wherein function h is a one-way function that is difficult to invert" (i.e. "h is a hash 
function, such as SHAl or MD5, so that computing the preimage x given y requires 
significantly more time than computing the hash function h(x) given x") [column 3 lines 
63-64]; 

- "receiving a current user identity value H(i,x)" (i.e. "Next, the system receives (id.sub.2, 
x) from the client (step 214), wherein id.sub.2 is an identifier returned by the client and x 
is the preimage of y computed by the client") [column 4 lines 20-22]; 

- "verifying that the keyless user identity value properly identifies the user only upon 
determining that h(H(i,x)) = H(i+l,x)" (i.e. "If id.sub.l =id.sub.2 at step 218, the system 
computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If y=h(x), the 
client successfully solved the client puzzle, and the system performs the requested service 
for the client (step 224)") [column 4 lines 35-39]; 
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but they do not disclose, 

- "receiving a prior keyless user identity value H(i+1 ,x) in the request comprising a one- 
time password" ' 

however, Juels et al. do disclose, 

- "For example, after TCP-IP is established, the next higher protocol layer can demand a 
secret password or other form of authentication before proceeding with the execution of 
the server application" [column 13 lines 23-25]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "receiving a prior keyless user identity value H(i+l,x) in the 
request comprising a one-time password," in the invention as disclosed by Schuba et al. since 
"an adversary cannot pass through this security barrier. If this were not true, then the adversary 
would not be limited to disabling the server 120 through session-establishing resource depletion" 
[column 13 lines 27-30]. 
Claim 4: 

Schuba et al. and Juels et al. disclose a method of preventing an attack on a network, as in Claim 
3 above, fiirther comprising, 

- "wherein h comprises a SHA-1 hash algorithm" (i.e. "h is a hash fiinction, such as SHAl 
or MD5, so that computing the preimage x given y requires significantly more time than . 
computing the hash function h(x) given x") [column 3 lines 63-64]. 
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Claim 5: 

Schuba et al. and Juels et al. disclose a method of preventing an attack on a network, as in Claim 
3 above, ftirther comprising, 

- "wherein n is approximately lOM'' (i.e. "The parameter n is used to adjust the amount of 
work required to compute the preimage x. For example, the parameter n can be used as a 
parameter to the hash function h, which indicates both the size of the hash value 
generated by the hash fiinction h, as well as the number of bits of x that are used in 
computing h(x)") [column 4 lines 3-8]. 

Claim 6: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "determining the required work threshold value based on a then-current capacity of the 
resource" 

however, Juels et al. do disclose, 

- "the rate of connection buffer allocation and the likely computational capacity of one or 
more attacking clients LIO can be used to select the computational size of a particular 
tasks when operating in a defensive mode" [column 7 lines 29-33]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "determining the required work threshold value based on a then- 
current capacity of the resource," in the invention as disclosed by Schuba et al. or the purposes of 
assessing the likelihood of attack. 
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Claim 7: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "determining the required work threshold value based on a then-current capacity of the 
resource" 

- "requiring a first user who has an accumulated work value that is greater than the 
required work threshold value to perform a first amount of work as a condition for 
accessing the resource" 

- "requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perform a second amount of work as a condition for 
accessing the resource" 

- "wherein the second amount of work is greater than the first amount of work" 
however, Juels et al. do disclose, 

- "the rate of connection buffer allocation and the likely computational capacity of one or 
more attacking clients 1 10 can be used to select the computational size of a particular 
tasks when operating in a defensive mode" [column 7 lines 29-33]; 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
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Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "determining the required work threshold value based on a then- 
current capacity of the resource" and "requiring a first user who has an accumulated work value 
that is greater than the required work threshold value to perform a first amount of work as a 
condition for accessing the resource" and "requiring a second user who has an accumulated work 
value that is less than or equal to the required work threshold value to perform a second amount 
of work as a condition for accessing the resource'' and "wherein the second amount of work is 
greater than the first amount of work," in the invention as disclosed by Schubaetal. since the 
client puzzle protocol is used for controlling the rate of connection buffer allocation and the 
likely computational capacity in order to provide graceful degradation in service when an attack 
is mounted (i.e. denial of service attack). 
Claim 8: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "wherein the step of determining an amount of accumulated work output value is 
performed for a specified user only during a specified time period in which accumulating 
work is allowed for that specified user" 

however, Juels et ah do disclose, 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
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Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the step of determining an amount of accumulated 
work output value is performed for a specified user only during a specified time period in which 
accumulating work is allowed for that specified user," in the invention as disclosed by Schuba et 
aL since the client puzzle protocol is used for controlling the rate of connection buffer allocation 
and the likely computational capacity in order to provide graceful degradation in service when an 
attack is mounted (i.e. denial of service attack). 
Claim 9: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "wherein the step of determining an amount of accumulated work output value is 
performed for a specified user only if the current user identity value received from the 
user is not found in a list of user identity values that were previously received in a 
specified time period" 

however, Juels et al. do disclose, 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the step of determining an amount of accumulated 
work output value is performed for a specified User only if the current user identity value 
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received from the user is not found in a list of user identity values that were previously received 
in a specified time period," in the invention as disclosed by Schuba et al. since the client puzzle 
protocol is used for controlling the rate of connection buffer allocation and the likely 
computational capacity in order to provide graceful degradation in service when an attack is 
mounted (i.e. denial of service attack). 
Claim 10: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "digitally signing and providing a timestamp to the user with the accumulated work 
output value" 

- "wherein the step of determining an amount of accumulated work output value is 
performed for a specified user" 

- "only upon: receiving the timestamp is received in a subsequent request" 

- "only upon: verifying the timestamp value" 

- "only upon: determining that the timestamp value is within an allowed range" 
however, Juels et al. do disclose, 

- "This time stamp, or any other portion of seed dafa (SD) can be optionally authenticated 
with the use of a secretly computed message authentication code residing as part of the 
other data (OD) 530 portion of the seed data (500)" [column 19 lines 22-26]; 
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- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "digitally signing and providing a timestamp to the user with the 
accumulated work output value" and "wherein the step of determining an amount of accumulated 
work output value is performed for a specified user" and "only upon: receiving the timestamp is 
received in a subsequent request" and "only upon: verifying the timestamp value" and "only 
upon: determining that the timestamp value is within an allowed range," in the invention as 
disclosed by Schuba et al. since "secretly computed message authentication code residing as part 
of the other data" may typically be "digitally signed and time stamped" information for 
verification, where a client puzzle protocol is used to control graceful degradation in service. 
Claim 11: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
further comprising, 

- "receiving the accumulated proof of work value" (i.e. "If id.sub. 1 =id.sub.2 at step 2 1 8, 
the system computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If 
y=h(x), the client successfully solved the client puzzle, and the system performs the 
requested service for the client (step 224)") [column 4 lines 35-39]. 
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Claim 12: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "a prior user identity value and a current user identity value in a cookie provided by the 
user to the resource" 

- "wherein determining an amount of accumulated work output value to provide to the user 
based on a volume of data communicated between the resource and the user comprises 
determining the amount of accumulated work as 2^k * p" 

- "where k is a number of bits of work previously performed by the user and p is a number 
of messages or packets communicated between the user and the resource" 

however, Juels et al. do disclose, 

- "the "client puzzle" protocol" [column 8 line 65]; 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "a prior user identity value and a current user identity value in a 
cookie provided by the user to the resource" and "wherein determining an amount of 
accumulated work output value to provide to the user based on a volume of data communicated 
between the resource and the user comprises determining the amount of accumulated work as 
2^k * p" and "where k is a number of bits of work previously performed by the user and p is a 
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number of messages or packets communicated between the user and the resource," in the 
invention as disclosed by Schuba et al. since the client puzzle protocol is used for controlling the 
rate of connection buffer allocation and the likely computational capacity in order to provide 
graceful degradation in service when an attack is mounted (i.e. denial of service attack). 
Claim 13: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "providing the accumulated work output value in a cookie sent from the resource to the 
user" 

however, Juels et al. do disclose, 

- "the "client puzzle" protocol" [column 8 line 65]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "providing the accumulated work output value in a cookie sent 
from the resource to the user," in the invention as disclosed by Schuba et al. since the client 
puzzle protocol is used for controlling the rate of connection buffer allocation and the likely 
computational capacity in order to provide graceful degradation in service when an attack is 
mounted (i.e. denial of service attack). 
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Claim 14: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
but they do not disclose, 

- "selectively increasing the required work threshold value for a particular user in response 
to congestion conditions of the resource" 

however, Juels et al, do disclose, 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "selectively increasing the required work threshold value for a 
particular user in response to congestion conditions of the resource," in the invention as 
disclosed by Schuba et al. since the client puzzle protocol is used for controlling the rate of 
connection buffer allocation and the likely computational capacity in order to provide graceful 
degradation in service when an attack is mounted (i.e. denial of service attack). 
Claim 15: 

Schuba et al. disclose a method of preventing an attack on a network, as in Claim 1 above, 
further comprising, 

- "wherein requiring the user to perform a quantity of work as a condition for accessing the 
resource comprises requiring the user to hash a message until a specified number of bits 
are zero" (i.e. "Next, the system stores (id.sub.l, n, y) at server 102 (step 208) and sends 
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(id.sub.l, n, y) to client 106 (step 210). The system then allows client 106 to compute the 
preimage x, such that h(x)=y (step 212). In one embodiment of the present invention, h is 
a hash function, such as SHAl or MD5, so that computing the preimage x given y 
requires significantly more time than computing the hash function h(x) given x") [column 
3 lines 59-64]. 
Claim 16: 

Schuba et al. disclose a method of preventing an attack on a network comprising, 

- "receiving a request to access a resource from a user" (i.e. "the system receives a request 
for service from a client 106 (step 202).") [column 3 lines 52-53]; 

- "determining whether the accumulated work value exceeds a required work threshold 
value" (i.e. "If id.sub.l =id.sub.2 at step 218, the system computes h(x) (step 220). Next, 
the system compares y and h(x) (step 222). If y=h(x), the client successfully solved the 
client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 35-39]; 

- "providing the user with access to the resource only when the accumulated work value 
exceeds a required work threshold value" (i.e. "If y=h(x), the client successfully solved 
the client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 36-39]; 

but they do not disclose, 

- "wherein the request includes an accumulated work value that represents work that the 
resource has previously required the user to perform in order to obtain previous access to 
the resource" 
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however, Juels et ah do disclose, 

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the request includes an accumulated work value that 
represents work that the resource has previously required the user to perform in order to obtain 
previous access to the resource," in the invention as disclosed by Schuba et al. since the client 
puzzle protocol is used for controlling the rate of connection buffer allocation and the likely 
computational capacity in order to provide graceful degradation in service when an attack is 
mounted (i.e. denial of service attack). 

Conclusion 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Examiner Oscar Louie whose telephone number is 571-270-1684. 
The examiner can normally be reached Monday through Thursday from 7:30 AM to 4:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached at 571-272-4195. The fax phone number for 
Formal or Official faxes to Technology Center 2100 is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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